ElectricVocalist@jlai.lu to Selfhosted@lemmy.worldEnglish · 1 month agoJellyfin critical security update - This is not a jokegithub.comexternal-linkmessage-square255linkfedilinkarrow-up1713arrow-down18 cross-posted to: piracy@lemmy.dbzer0.com
arrow-up1705arrow-down1external-linkJellyfin critical security update - This is not a jokegithub.comElectricVocalist@jlai.lu to Selfhosted@lemmy.worldEnglish · 1 month agomessage-square255linkfedilink cross-posted to: piracy@lemmy.dbzer0.com
minus-squareburghler@sh.itjust.workslinkfedilinkEnglisharrow-up39·1 month agoWonder if it’s the Axios one. Sounds like it isn’t from their description though hmm
minus-squaredoeknius_gloek@discuss.tchncs.delinkfedilinkEnglisharrow-up24·1 month agoI don’t think so, the previous release 10.11.6 is a few months old and the axios supply chain attack happened yesterday.
minus-squareStrit@lemmy.linuxuserspace.showlinkfedilinkEnglisharrow-up13·1 month agoSo lets hope this 10.11.7 is not subject to the axios one. :)
minus-squarerollerbang@lemmy.worldlinkfedilinkEnglisharrow-up13·1 month agoDiff agrees, not likely. Might be permisson related, elevation of privileges.
minus-squaresudoMakeUser@sh.itjust.workslinkfedilinkEnglisharrow-up2arrow-down2·1 month agoAxios is a Javascript library and Jellyfin is written in C#.
minus-squaredvlsg@lemmy.worldlinkfedilinkEnglisharrow-up8·1 month agoTrue, but there is a web frontend. Possible it could be using npm and axios somewhere in there. I still doubt it. But it could happen.
minus-squaresudoMakeUser@sh.itjust.workslinkfedilinkEnglisharrow-up2arrow-down5·1 month agoThe web server is in C#. It’s open source lol, I’m looking at the code and there’s no JavaScript.
minus-squareElectricVocalist@jlai.luOPlinkfedilinkEnglisharrow-up10·1 month agoLook better https://github.com/jellyfin/jellyfin-web
minus-squaresudoMakeUser@sh.itjust.workslinkfedilinkEnglisharrow-up3arrow-down1·1 month agoThat’s awkward. I didn’t know that was in a separate repo.
Wonder if it’s the Axios one. Sounds like it isn’t from their description though hmm
I don’t think so, the previous release 10.11.6 is a few months old and the axios supply chain attack happened yesterday.
So lets hope this 10.11.7 is not subject to the axios one. :)
Diff agrees, not likely. Might be permisson related, elevation of privileges.
Axios is a Javascript library and Jellyfin is written in C#.
True, but there is a web frontend. Possible it could be using npm and axios somewhere in there.
I still doubt it. But it could happen.
The web server is in C#. It’s open source lol, I’m looking at the code and there’s no JavaScript.
Look better https://github.com/jellyfin/jellyfin-web
That’s awkward. I didn’t know that was in a separate repo.
deleted by creator